BreachExchange mailing list archives
Fortifying Data Privacy and Security in Law Firms and Courts
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 24 Nov 2014 18:55:05 -0700
http://www.lawtechnologynews.com/id=1202677111995/Fortifying-Data-Privacy-and-Security-in-Law-Firms-and-Courts?slreturn=20141021181858 The Georgetown Law Advanced E-Discovery Institute at The Ritz-Carlton inTysons Corner, McLean, Va., featured a popular panel entitled “Data Privacy and Security: Substantive Claims and E-Discovery Issues Abound.” It was standing room only. The panelists covered data protection policies at law firms, vendors and courts, among other subjects. Timothy Opsitnick, founder and general counsel of Jurinnov, moderated the hour-and-fifteen-minute long panel. Speakers included: Magistrate Judge Andrew Peck, for the U.S. District Court for the Southern District of New York; Annika Martin, partner at Lieff Cabraser Heimann & Bernstein; David Shonka, principal general counsel at the U.S. Federal Trade Commission; and Lisa Sotto, partner at Hunton & Williams. Law firms have sensitive data to protect, such as the merger and acquisition information of their clients. Protecting data should be “dynamic,” said the FTC’s Shonka, noting that it’s a minute-to-minute endeavor. “[Data-security] is a non-stop process,” Shonka said. Law firms cannot be held to different standards than corporate, government entities or other organizations, said Shonka. If a law firm possesses data it must be protected, he said, noting that firms can be liable under personal injury law if client data are compromised. A solid data protection policy is implemented firmwide and includes monitoring and auditing by outside vendors, with comeuppances for employees not adhering to the policy, Shonka said. A breach response plan is also necessary, he said, as there are several instances that could spark an incident (e.g., disgruntled employee, lost laptop, etc.). Data security is generally not a concern for producing parties in an e-discovery matter, noted Lieff Cabraser’s Martin. Data privacy is primarily practiced in large firms, Peck noted, saying that some small firms and solo practitioners have never contemplated computer security. In most instances the tremendous price tag of securing data privacy would be impractical for solo practitioners. In his role as judge, Peck would almost never warn parties about potential data risks, he said. He did note that if there was extremely sensitive information that was at risk of being hacked he potentially might ask the parties if they’ve considered the possibility of a data breach. Service providers have an obligation to care for data too, said Sotto. Venders shouldn’t use client data for purposes other than fulfilling client needs, Sotto said, noting that vendors can be vetted by on-site visits and third-party audits. Vendors should also screen their employees with background checks, she said. Data security in the 2nd district court, said Peck, includes storing documents under seal in a vault and not incorporating them in the electronic court record. If in electronic form, the sealed data would only be at risk if there was a break in at the court, he said. Information not under seal is open for public access. Cell phones are also not allowed in the court, Peck said. If a lawyer has a New York State Bar Association identification card, he or she will be permitted to bring a single cell phone into the court, he said. This policy eliminates the risk of tweeting jurors, said Peck.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Fortifying Data Privacy and Security in Law Firms and Courts Audrey McNeil (Dec 02)